ENCDEC Device Reverse Engineering: Difference between revisions
Jump to navigation
Jump to search
Line 12: | Line 12: | ||
* First host and ENCDEC device exchange random numbers. | * First host and ENCDEC device exchange random numbers. | ||
* From the exchanged random numbers host and ENCDEC device compute the session key. | * From the exchanged random numbers host and ENCDEC device compute the session key. | ||
* ENCDEC commands, e.g. to set ATA keys, are encrypted with the session key. | * ENCDEC commands, e.g. to set ATA keys, are encrypted with the session key and AES-CBC-192. | ||
* Before a secure communication channel is established, host and ENCDEC device use static AES-CBC-192 keys to encrypt communication data. The static keys can be found e.g. in sb_iso_spu_module.self or sv_iso_spu_module.self. | |||
* During the communication, host and ENCDEC device use random IVs which are sent unencrypted together with encrypted payload. | |||
=Set ATA Keys= | =Set ATA Keys= | ||
=Set ENCDEC Keys= | =Set ENCDEC Keys= |
Revision as of 22:27, 15 August 2012
Introduction
- The following information was reverse engineered from LV1, Storage Manager in LPAR1, sb_iso_spu_module.self and sv_iso_spu_module.self.
Linux Driver ps3encdec
- I'm using this driver to set/clear my ATA and VFLASH keys.
- Tested on Linux 3.5.1.
Establish Secure Communication Channel
- First host and ENCDEC device exchange random numbers.
- From the exchanged random numbers host and ENCDEC device compute the session key.
- ENCDEC commands, e.g. to set ATA keys, are encrypted with the session key and AES-CBC-192.
- Before a secure communication channel is established, host and ENCDEC device use static AES-CBC-192 keys to encrypt communication data. The static keys can be found e.g. in sb_iso_spu_module.self or sv_iso_spu_module.self.
- During the communication, host and ENCDEC device use random IVs which are sent unencrypted together with encrypted payload.